FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6ec9f210-0404-11e6-9aee-bc5ff4fb5ea1dhcpcd -- remote code execution/denial of service

MITRE reports:

The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message.


Discovery 2016-01-22
Entry 2016-04-17
dhcpcd
< 6.10.2

CVE-2014-7913
ports/208702
http://roy.marples.name/projects/dhcpcd/info/528541c4c619520e
092156c9-04d7-11e6-b1ce-002590263bf5dhcpcd -- remote code execution/denial of service

MITRE reports:

The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a large length value of an option in a DHCPACK message.


Discovery 2015-06-19
Entry 2016-04-17
dhcpcd
< 6.9.1

CVE-2014-7912
http://roy.marples.name/projects/dhcpcd/info/d71cfd8aa203bffe
df587aa2-b5a5-11e5-9728-002590263bf5dhcpcd -- multiple vulnerabilities

Nico Golde reports:

heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. Exploitation is non-trivial, but I'd love to be proven wrong.

invalid read/crash via malformed dhcp responses. not exploitable beyond DoS as far as I can judge.


Discovery 2016-01-04
Entry 2016-01-08
dhcpcd
< 6.10.0

CVE-2016-1503
CVE-2016-1504
ports/206015
http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30
http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403
http://www.openwall.com/lists/oss-security/2016/01/07/3